Overview

overview

10

Static

static

10

RCX/RCX.exe

windows7-x64

3

RCX/RCX.exe

windows10-2004-x64

7

RCX/RCX.exe.lnk

windows7-x64

3

RCX/RCX.exe.lnk

windows10-2004-x64

7

RCX/RCX/RCX/RCX.exe

windows7-x64

3

RCX/RCX/RCX/RCX.exe

windows10-2004-x64

3

RCX/RCXDraw.dll

windows7-x64

3

RCX/RCXDraw.dll

windows10-2004-x64

1

RCX/RCXDraw.exe

windows7-x64

1

RCX/RCXDraw.exe

windows10-2004-x64

1

RCX/RCXJPN.dll

windows7-x64

1

RCX/RCXJPN.dll

windows10-2004-x64

1

RCX/trz4A49.exe

windows7-x64

3

RCX/trz4A49.exe

windows10-2004-x64

3

RCX/trz6D30.exe

windows7-x64

3

RCX/trz6D30.exe

windows10-2004-x64

7

RCX/trzBF87.exe

windows7-x64

3

RCX/trzBF87.exe

windows10-2004-x64

7

RCX/trzDBC9.exe

windows7-x64

3

RCX/trzDBC9.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eb0606a39ce8bcdbc2ca052de3ee1f43.rar

  • Size

    2.6MB

  • Sample

    240109-xlytcahgb3

  • MD5

    eb0606a39ce8bcdbc2ca052de3ee1f43

  • SHA1

    227054e8b4fcf48239e13eb96b668157beca8d21

  • SHA256

    e4c54831495a2717c6a8e1f6a67ae17f4b46e23a8d21836deb61dbff0b2256cd

  • SHA512

    b861cb13077f0a764871c1055d8ef8fd163ec81cb7d94f102593935f2a33d27a876ef2d6267d470078efd627ed96b573a747bfb68a9186eac25da23970c08cac

  • SSDEEP

    49152:/mSMxyQiJkxyQiJu2T1L6D0Vnj+GyxyQiJqxyQiJixyQiJSxyQiJu:/CxyQQkxyQQu2ZL6D0djMxyQQqxyQQir

Score
10/10
neshta

Malware Config

Targets

    • Target

      RCX/RCX.exe

    • Size

      2.4MB

    • MD5

      cb2910db65e1c7f468f3a82650486ccf

    • SHA1

      8fac4c5dc4731b69b73dc4a68180225b7fa0656f

    • SHA256

      b7acae52125a814ed6df47862832cbabb89e9796d7c1c120926bc37a0513785a

    • SHA512

      1f4461fee6b84f9402d1ef70071dae1815f23c57186c3b8d8cffbf00effe1f1db37d7f796bc06f76ac294a334f4357ce6e1b770b4c44ac09216787c2a60d425a

    • SSDEEP

      12288:41rDGR1ZDsD0brfV7V7VArfV7V7V7V7VArsrsrsrfV7V7V7V7V7V7V7V7VArsrf5:41GZDs

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      RCX/RCX.exe.lnk

    • Size

      758B

    • MD5

      0175ab02ca5aee20c22b5dd700d4ae63

    • SHA1

      4bea714d90a0188b060b24c18b896cc76b981903

    • SHA256

      9fc8cb56d3e95a452c1dee688df3e15cca83bcac4029420debda956b0b16a320

    • SHA512

      d09a10d76ab01ca63f85f520ac85e38eca55fb01576687382df5b2baeb4cca5ec0c1fc7a878bf3f94805eec6fed74330732722babca324d177342aa352cc0b8e

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

    • Target

      RCX/RCX/RCX/RCX.exe

    • Size

      2.4MB

    • MD5

      cb2910db65e1c7f468f3a82650486ccf

    • SHA1

      8fac4c5dc4731b69b73dc4a68180225b7fa0656f

    • SHA256

      b7acae52125a814ed6df47862832cbabb89e9796d7c1c120926bc37a0513785a

    • SHA512

      1f4461fee6b84f9402d1ef70071dae1815f23c57186c3b8d8cffbf00effe1f1db37d7f796bc06f76ac294a334f4357ce6e1b770b4c44ac09216787c2a60d425a

    • SSDEEP

      12288:41rDGR1ZDsD0brfV7V7VArfV7V7V7V7VArsrsrsrfV7V7V7V7V7V7V7V7VArsrf5:41GZDs

    Score
    3/10
    behavioral5behavioral6

    • Target

      RCX/RCXDraw.dll

    • Size

      262KB

    • MD5

      703082d971ebdd858c62417b7879806b

    • SHA1

      4495b7ac01eda2838b2978e7c2d7564ed8a9e5ed

    • SHA256

      f2389bd0a710441390c20212baa932c3073cb13e62073971e778bf45aed4ebaf

    • SHA512

      8d0b7bae60de997eb7f1340a3965b87da59f458675b9cd05b79b67c2c57f240676d38ed2a9a7d2ee346a4c99f5a8854b17c7080ccfdd1ee7ac7d421023f2e78f

    • SSDEEP

      6144:kvgxXK9kTR91fFSegTD0H9d7gFK5W5FqBG90E:kvKTL9F7gKEKKqw90E

    Score
    3/10
    behavioral7behavioral8

    • Target

      RCX/RCXDraw.exe

    • Size

      2.2MB

    • MD5

      b54ee94a4e24cb0cc1fcc43c10119795

    • SHA1

      94e32753aa5df8c1bea5f177b1c3eee195182f9c

    • SHA256

      15578a3dfc0da3616a5968ac0743c042c9ed661b0d0f84ece1e174ac4807d3ec

    • SHA512

      558ad1309a9ef333cccf330e87354339c82c180493e22165e63263212c11e7bd2861ea4a73836f5b1237459db3f4c8231758dd4716f449cbdb395bc8507f505b

    • SSDEEP

      6144:4S0S79wSKS79wSKS79wSKSKSKS79N9N9wS79N9N9wS79N9N9N9N9wS79N9N9wS7d:/7dhdhdhhhdddddhhhhdhX

    Score
    1/10
    behavioral10behavioral9

    • Target

      RCX/RCXJPN.dll

    • Size

      68KB

    • MD5

      b0585e5b8b646f6904fdef67e490f9b6

    • SHA1

      987ddd5cbaf05d37f3f11d5fadc1da860a68fa10

    • SHA256

      d930a34426dd7f477e09a8de68e5360e599735d2ffb31c8b66ee81cd4cb1cd37

    • SHA512

      ddb10892d96cbde8316fd90170ec66e790ccd609e532d4cd2fcf9a68a6b94959c9da9484d64bc289c0602b34c82e85bf77070e72856711e610a9494c0cc3505c

    • SSDEEP

      1536:w7V4mWkHWTdJpMX73Oex4BxrN6iRQBNQP+31:DmWrTnqX7WY26NQG31

    Score
    1/10
    behavioral11behavioral12

    • Target

      RCX/trz4A49.tmp

    • Size

      2.4MB

    • MD5

      cb2910db65e1c7f468f3a82650486ccf

    • SHA1

      8fac4c5dc4731b69b73dc4a68180225b7fa0656f

    • SHA256

      b7acae52125a814ed6df47862832cbabb89e9796d7c1c120926bc37a0513785a

    • SHA512

      1f4461fee6b84f9402d1ef70071dae1815f23c57186c3b8d8cffbf00effe1f1db37d7f796bc06f76ac294a334f4357ce6e1b770b4c44ac09216787c2a60d425a

    • SSDEEP

      12288:41rDGR1ZDsD0brfV7V7VArfV7V7V7V7VArsrsrsrfV7V7V7V7V7V7V7V7VArsrf5:41GZDs

    Score
    3/10
    behavioral13behavioral14

    • Target

      RCX/trz6D30.tmp

    • Size

      2.4MB

    • MD5

      cb2910db65e1c7f468f3a82650486ccf

    • SHA1

      8fac4c5dc4731b69b73dc4a68180225b7fa0656f

    • SHA256

      b7acae52125a814ed6df47862832cbabb89e9796d7c1c120926bc37a0513785a

    • SHA512

      1f4461fee6b84f9402d1ef70071dae1815f23c57186c3b8d8cffbf00effe1f1db37d7f796bc06f76ac294a334f4357ce6e1b770b4c44ac09216787c2a60d425a

    • SSDEEP

      12288:41rDGR1ZDsD0brfV7V7VArfV7V7V7V7VArsrsrsrfV7V7V7V7V7V7V7V7VArsrf5:41GZDs

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral15behavioral16

    • Target

      RCX/trzBF87.tmp

    • Size

      2.4MB

    • MD5

      cb2910db65e1c7f468f3a82650486ccf

    • SHA1

      8fac4c5dc4731b69b73dc4a68180225b7fa0656f

    • SHA256

      b7acae52125a814ed6df47862832cbabb89e9796d7c1c120926bc37a0513785a

    • SHA512

      1f4461fee6b84f9402d1ef70071dae1815f23c57186c3b8d8cffbf00effe1f1db37d7f796bc06f76ac294a334f4357ce6e1b770b4c44ac09216787c2a60d425a

    • SSDEEP

      12288:41rDGR1ZDsD0brfV7V7VArfV7V7V7V7VArsrsrsrfV7V7V7V7V7V7V7V7VArsrf5:41GZDs

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral17behavioral18

    • Target

      RCX/trzDBC9.tmp

    • Size

      2.4MB

    • MD5

      cb2910db65e1c7f468f3a82650486ccf

    • SHA1

      8fac4c5dc4731b69b73dc4a68180225b7fa0656f

    • SHA256

      b7acae52125a814ed6df47862832cbabb89e9796d7c1c120926bc37a0513785a

    • SHA512

      1f4461fee6b84f9402d1ef70071dae1815f23c57186c3b8d8cffbf00effe1f1db37d7f796bc06f76ac294a334f4357ce6e1b770b4c44ac09216787c2a60d425a

    • SSDEEP

      12288:41rDGR1ZDsD0brfV7V7VArfV7V7V7V7VArsrsrsrfV7V7V7V7V7V7V7V7VArsrf5:41GZDs

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral19behavioral20

MITRE ATT&CK Enterprise v15

Tasks